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CLAIMS: 



1 1 . A method of bypassing an initial sign-on screen of an underlying operating system with a single 

2 sign-on capability comprising the steps of: 

3 providing an application framework, wherein said apphcation framework logs on a user with a first 

4 level of access in said underlying operating system; 

5 generating an application framework sign-on screen; 

6 entering a logon input on said generated application framework sign-on screen; and 

7 comparing said logon input with an application framework security database to determine level of 
^8 access. 

^1 2. The method as recited in claim 1 fiirther comprising the step of: 
^2 selecting an indication of said first level of access. 

^1 3 . The method as recited in claim 1 , wherein said user is logged onto said underlying operating system 

ml and an application environment with said first level of access thereby bypassing said initial sign-on screen 

ff|3 of said underlying operating system with said single sign-on. 

1 4. The method as recited in claim 1 , wherein if said logon input is not entitled to a second level of 

2 access according to said application framework security database, then said user is logged onto an 

3 application environment and said underlying operating system as said first level of access. 

1 5 . The method as recited in claim 1 , wherein if said logon input is entitled to a second level of access 

2 according to said application framework security database, then the method fiuther comprises the step of: 

3 executing a switch user program to switch said user to said second level of access. 
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1 6. The method as recited in claim 5, wherein said switch user program switches said user to said 

2 second level of access by modifying an underlying operating system*s registry. 

1 7. The method as recited in claim 6, wherein said switch user program logs off said user with said first 

2 level of access, wherein said underlying operating system logs on said user with said second level of access. 

1 8 . The method as recited in claim 1 , wherein said logon input comprises a user identification and a user 

2 password. 

1 9. The method as recited in claim 2, wherein if said logon input is entitled to a second level of access 

^2 according to said apphcation fi-amework security database, then the method further comprises the step of: 
'^"3 generating an indication of said second level of access. 

5 

-ml 10. The method as recited in claim 2, wherein if said logon input is not entitled to a second level of 

%2 access according to said apphcation fi-amework secxirity database, then an indication of said second level 

1,3 of access will not be generated to said user, wherein said user is restricted to said first level of access. 

oil 11. The method as recited in claim 9 further comprising the step of: 

g2 executing a switch user program to switch level of access to said second level of access by selecting 

3 said indication of said second level of access, 

1 12. The method as recited in claim 1 1 , wherein said switch user program switches said user to said 

2 second level of access by modifying an underlying operating system's registry. 

1 13. The method as recited in claim 1 2, wherein said switch user program logs off said user with said 

2 first level of access, wherein said underlying operating system logs on said user with said second level of 

3 access. 
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1 14. The method as recited in claim 1 , wherein said application framework security database stores 

2 system operator information, wherein said application framework security database defines at least one of 

3 the following: users, passwords, groups of users and application specific authorization. 

1 15. The method as recited in claim 1 fiirther comprising the step of: 

2 selecting an indication of a second level of access. 

1 16. The method as recited in claim 1 5, wherein if said logon input is not entitled to said second level 

2 of access according to said application framework security database, then said user is restricted to said first 

3 level of access. 

i z 

Si 1 7. The method as recited in claim 15, wherein if said logon input is entitled to said second level of 

=p2 access according to said application framework security database, then the method fiirther comprises the 

S3 step of 

^4 executing a switch user program to switch said user to said second level of access. 

s 

Ml 18. The method as recited in claim 1 7 fiirther comprising the step of 

m2 transferring said logon input to said underlying operating system for verification. 

1 19. The method as recited in claim 1 8 fiirther comprising the step of 

2 comparing said logon input with an underlying operating system security database, wherein if said 

3 underlying operating system security database verifies said user with access to said second level of access, 

4 then said switch user program switches said user to said second level of access. 

1 20. The method as recited in claim 1 9, wherein said switch user program switches said user to said 

2 second level of access by modifying an underlying operating system's registry. 



-18- 



RPS9-2000-0052US 1 ^ PATENT 

2 1 . The method as recited in claim 20, wherein said switch user program logs offsaid user with said 
first level of access, wherein said underlying operating system logs on said user with said second level of 
access. 



22. The method as recited in claim 18 further comprising the step of: 

comparing said logon input with an underlying operating system security database, wherein if said 
underlying operating system security database does not verify said user with access to said second level 
of access, then the method further comprises the step of: 

requesting from said user a logon identification; and 

comparing said logon identification with said underlying operating system security database. 

2 3 . The method as recited in claim 22, wherein said logon identification comprises a user identification 
and a user password. 

24. The method as recited in claim 22, wherein if said underlying operating system security database 
verifies said user with access to said second level of access, then said switch user program switches said 
user to said second level of access. 



2 5 . The method as recited in claim 24, wherein said switch user program switches said user to said 
second level of access by modifying an underlying operating system's registry. 

26. The method as recited in claim 25, wherein said switch user program logs off said user with said 
first level of access, wherein said underlying operating system logs on said user wdth said second level of 
access. 



27. The method as recited in claim 22, wherein if said underlying operating system security database 
does not verify said user with access to said second level of access, then said user is restricted to said first 
level of access. 
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1 28. A computer program product having a computer readable medium having computer program logic 

2 recorded thereon for bypassing an initial sign-on screen of an underlying operating system with a single sign 

3 capability, comprising: 

[ 4 programming operable for providing an ^plication fiamewoik, wherein said application framework 

5 logs on a user with a first level of access in said imderlying operating system; 

6 programming operable for generating an application framework sign-on screen; 

7 programming operable for receiving a logon input entered on said generated application framework 

8 sign-on screen; and 

_9 programming operable for comparing said logon input with an application framework security 

#0 database to determine level of access. 

^1 29. The computer program product as recited in claim 28 further comprises: 

^2 programming operable for selecting an indication of said first level of access. 

*^ 

u 

ml 30. The computer program product as recited in claim 28, wherein said user is logged onto said 

g=i2 underlying operating system and an ^plication environment with said first level of access thereby bypassing 

^3 said initial sign-on screen of said underlying operating system with said single sign-on. 

1 31. The computer program product as recited in claim 28, wherein if said logon input is not entitled to 

2 a second level of access according to said application framework security database, then said user is 

3 restricted to said first level of access. 

1 32. The computer program product as recited in claim 28, wherein if said logon input is entitled to a 

2 second level of access according to said application framework security database, then the computer 

3 program product further comprises: 
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4 programming operable for executing a switch user program to switch said user to said second level 

5 of access. 

1 33 . The computer program product as recited in claim 32, wherein said switch user program switches 

2 said user to said second level of access by modifying an underlying operating system's registry. 

1 34. The computer program product as recited in claim 33, wherein said switch user program logs off 

2 said user with said first level of access, wherein said underlying operating system logs on said user with said 

3 second level of access. 

^1 35. The computer program product as recited in claim 28, wherein said logon input comprises a user 

@2 identification and a user password. 

2l 36. The computerprogram product as recited in claim 29, wherein if said logon input is entitled to a 

^2 second level of access according to said application fi-amework security database, then the computer 

1^3 program product fiirther comprises: 

ffl4 programming operable for generating an indication of said second level of access. 

^1 37. The computerprogram product as recited in claim 29, wherein if said logon input is not entitled to 

2 a second level of access according to said appUcation fi-amework security database, then an indication of 

3 said second level of access will not be generated to said user, wherein said user is restricted to said first 

4 level of access. 

1 38. The computer program product as recited in claim 36 fiirther comprises: 

2 programming operable for executing a switch user program to switch level of access to said second 

3 level of access by selecting said indication of said second level of access. 
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1 39. The computer program product as recited in claim 38, wherein said switch user program switches 

2 said user to said second level of access by modifying an underlying operating system's registry. 

1 40. The computer program product as recited in claim 39, wherein said switch user program logs off 

2 said user with said first level of access, wherein said underlying operating system logs on said user with said 

3 second level of access. 

1 41. The computer program product as recited in claim 28, wherein said ^pHcation fi-amework security 

2 database stores system operator information, wherein said ^plication fimiework security database defines 

3 at least one of the following: users, passwords, groups of users and application specific authorization. 

42. The computer program product as recited in claim 28 fiirther comprises: 
^2 programming operable for selecting an indication of a second level of access. 

f 1 43 . The computer program product as recited in claim 42, wherein if said logon input is not entitled to 



iJl said second level of access according to said application fi-amework security database, then said user is 

ffi3 restricted to said first level of access. 

^1 44, The computer program product as recited in claim 42, wherein if said logon input is entitled to said 

2 second level of access according to said application fi-amework security database, then the computer 

3 program product fiirther comprises: 

4 programming operable for executing a SAvitch user program to switch said user to said second level 

5 of access. 

1 45. The computer program product as recited in claim 44 fiuther comprises: 

2 programming operable for transferring said logon input to said underlying operating system for 

3 verification. 
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1 46. The computer program product as recited in claim 45 further comprises: 

2 programming operable for comparing said logon input with an underlying operating system security 

3 database, wherein if said underlying operating system security database verifies said user with access to 

4 said second level of access, then said switch user program switches said user to said second level of 

5 access. 

1 47 . The computer program product as recited in claim 46, wherein said switch user program switches 

2 said user to said second level of access by modifying an imderlying operating system's registry. 

1 48 . The computer program product as recited in claim 47, wherein said switch user program logs off 

Jl said user with said first level of access, wherein said underlying operating system logs on said user with said 

=03 second level of access. 

o 

^\ 49. The computer program product as recited in claim 45 further comprises: 

^2 programming operable for comparing said logon input with an underlying operating system secijrity 

= 3 database, wherein if said underlying operating system security database does not verify said user with 

m4 access to said second level of access, then the computer program product further comprises: 

,^5 programming operable for requesting firom said user a logon identification; and 

"^6 programming operable for comparing said logon identification with said underlying operating system 

i i 

7 security database. 

1 50. The computer program product as recited in claim 49, wherein said logon identification comprises 

2 a user identification and a user password. 

1 51. The computer program product as recited in claim 49, wherein if said underlying operating system 

2 security database verifies said user with access to said second level of access, then said switch user 

3 program switches said user to said second level of access. 
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52 . The computer program product as recited in claim 5 1 , wherein said switch user program switches 
said user to said second level of access by modifying an underlying operating system's registry. 



53 . The computer program product as recited in claim 52, wherein said switch user program logs off 
said user with said first level of access, wherein said underlying operating system logs on said user with said 
second level of access. 

54. The computer program product as recited in claim 49, wherein if said underlying operating system 
security database does not verify said user with access to said second level of access, then said user is 
restricted to said first level of access. 
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55. A data processing system, comprising: 
a processor; 

a memory unit operable for storing a computer program operable for bypassing an initial sign-on 
screen of an underlying operating system with a single sign capability; 
an input mechanism; 
an output mechanism; and 

abus system coupling the processor to the memory unit, input mechanism, and output mechanism, 
wherein the computer program is operable for performing the following progranmiing steps: 

providing an appUcation framework, wherein said application framework logs on a user 
with a first level of access in said underlying operating system; 

generating an application framework sign-on screen; 

receiving a logon input entered on said generated application framework sign-on screen; 

and 

comparing said logon input with an application fi-amework security database to determine 

level of access. 

56. The data processing system as recited in claim 55, wherein the computer program is further 
operable to perform the programming step: 

selecting an indication of said first level of access. 

57. The data processing system as recited in claim 55, wherein said user is logged onto said underlying 
operating system and an application environment with said first level of access thereby bypassing said initial 
sign-on screen of said underlying operating system with said single sign-on. 
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1 58. The data processing system as recited in claim 55, wherein if said logon input is not entitled to a 

2 second level of access according to said application framework security database, then said user is logged 

3 onto an application environment and said underlying operating system as said first level of access. 

1 59. The data processing system as recited in claim 55, wherein if said logon input is entitled to a second 

2 level of access according to said application framework security database, then the computer program is 

3 further operable to perform the programming step: 

4 executing a switch user program to switch said user to said second level of access. 

1 60. The data processing system as recited in claim 59, wherein said switch user program switches said 

^ user to said second level of access by modifying an underlying operating system's registry. 

£1 61. The data processing system as recited in claim 60, wherein said switch user program logs off said 

g2 user with said first level of access, wherein said underlying operating system logs on said user with said 

^ second level of access. 

Hi 62. The data processing system as recited in claim 55, wherein said logon input comprises a user 

hi2 identification and a user password. 

1 63 . The data processing system as recited in claim 56, wherein if said logon input is entitled to a second 

2 level of access according to said application framework security database, then the computer program is 

3 further operable to perform the programming step: 

4 generating an indication of said second level of access. 

1 64. The data processing system as recited in claim 56, wherein if said logon input is not entitled to a 

2 second level of access according to said application framework security database, then an indication of said 

3 second level of access will not be generated to said user, wherein said user is restricted to said first level 

4 of access. 
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1 65. The data processing system as recited in claim 63, wherein the computer program is further 

2 operable to perform the programming step: 

3 executing a switch user program to switch level of access to said second level of access by selecting 

4 said indication of said second level of access. 

1 66. The data processing system as recited in claim 65, wherein said switch user program switches said 

2 user to said second level of access by modifying an underlying operating system's registry. 

1 67. The data processing system as recited in claim 66, wherein said switch user program logs off said 

^ user with said first level of access, wherein said underlying operating system logs on said user with said 

C3 second level of access. 

^1 68. The data processing system as recited in claim 5 5 , wherein said application framework security 

1-2 

"22 database stores system operator information, wherein said application framework security database defines 

1,3 at least one of the following: users, passwords, groups of users and application specific authorization. 

ml 69. The data processing system as recited in claim 55, wherein the computer program is further 

™2 operable to perform the programming step: 

3 selecting an indication of a second level of access. 

1 70. The data processing system as recited in claim 69, wherein if said logon input is not entitled to said 

2 second level of access according to said application framework security database, then said user is 

3 restricted to said first level of access. 

1 71. The data processing system as recited in claim 69, wherein if said logon input is entitled to said 

2 second level of access according to said application framework security database, then the computer 

3 program is further operable to perform the programming step: 
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executing a switch user program to switch said user to said second level of access. 



72. The data processing system as recited in claim 71 , wherein the computer program is further 
operable to perform the programming step: 

transferring said logon input to said underlying operating system for verification. 

73. The data processing system as recited in claim 72, wherein the computer program is further 
operable to perform the programming step: 

comparing said logon input v^th an underlying operating system security database, wherein if said 
underlying operating system security database verifies said user with access to said second level of access, 
then said switch user program switches said user to said second level of access. 

74. The data processing system as recited in claim 73, wherein said switch user program switches said 
user to said second level of access by modifying an underlying operating system's registry. 

7 5 . The data processing system as recited in claim 74, wherein said switch user program logs off said 
user with said first level of access, wherein said underlying operating system logs on said user with said 
second level of access. 

76. The data processing system as recited in claim 72, wherein the computer program is further 
operable to perform the programming step: 

comparing said logon input with an underlying operating system security database, wherein if said 
underlying operating system security database does not verify said user with access to said second level 
of access, then the computer program is further operable to perform the progranmiing steps: 

requesting from said user a logon identification; and 

comparing said logon identification with said underlying operating system security database. 
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77. The data processing system as recited in claim 76, wherein said logon identification comprises a 
user identification and a user password. 



78 . The data processing system as recited in claim 76, wherein if said underlying operating system 
security database verifies said user with access to said second level of access, then said switch user 
program switches said user to said second level of access. 

79. The data processing system as recited in claim 78, wherein said switch userprogram switches said 
user to said second level of access by modifying an underlying operating system's registry. 

80. The data processing system as recited in claim 79, wherein said switch userprogram logs off said 
user with said first level of access, wherein said imderlying operating system logs on said user with said 
second level of access. 

8 1 . The data processing system as recited in claim 76, wherein if said underlying operating system 
security database does not verify said user with access to said second level of access, then said user is 
restricted to said first level of access. 
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